The CAS Authentication Provider enables the Cloud CMS Application Server to authenticate, validate tokens and load user profile information against servers that implement the Central Authentication Service SSO protocol (either version 2 or version 3).


Here are all of the properties that may be configured:

"auth": {
    "enabled": true,
    "providers": {
        "keycloak": {
            "enabled": true,
            "ssoBaseURL": "",
            "serverBaseURL": "http://localhost:3000",            
            "validateURL": "",
            "successRedirect": "",
            "failureRedirect": "",
            "autoRegister": true,
            "registrationRedirect": "",
            "passTicket": true,
            "passToken": true

Where these properties are specific to CAS:

  • ssoBaseURL
  • serverBaseURL
  • validateURL

And the following properties are in common across all authentication providers:

  • enabled - whether the authentication provider is enabled
  • successRedirect - the URL to redirect to if the end user successfully authenticates
  • failureRedirect - the URL to redirect to if the end user fails to authenticate
  • autoRegister - whether to automatically create a Cloud CMS user (if none found) upon authentication
  • registrationRedirect - the URL to redirect to for user registration if a Cloud CMS user is not found
  • passTicket - whether to pass the authentication ticket back as the ticket parameter in the successRedirect
  • passToken - whether to pass the authentication access token back as the token parameter in the successRedirect